Computer users have become increasingly dependent on communications over public networks, such as the Internet, for both business and personal reasons. Such communications routinely include personal or confidential data. For example, a user may provide credit card or other account information over the public network to purchase goods or services. Sensitive and confidential business communications, emails, and documents are also transmitted over public networks.
Data is transmitted over the Internet and other networks using the Internet Protocol (IP). Unfortunately, IP provides little or no security. Data within standard IP packets is usually not encrypted and may be accessed, viewed and even altered by an eavesdropper. Thus, IP does not protect the confidentiality or authenticity of the data. To address these shortcomings, the Internet Engineering Task Force (IETF) developed a set of extensions to IP referred to as the Internet Protocol Security (IPSec) suite. The IPSec suite includes the Authentication Header (AH) protocol, the Encapsulating Security Payload (ESP) protocol, and the Internet Key Exchange (IKE) protocol for key management and exchange.
The ESP protocol, documented mainly in IETF Request for Comments (RFC) 2406, is an authenticating and encrypting protocol that uses cryptographic mechanisms to provide integrity, source authentication, and confidentiality of data. The AH protocol, documented mainly in IETF RFC 2402, is an authentication protocol that uses a hash signature in the packet header to validate the integrity of the packet data and the authenticity of the sender. Unlike ESP, AH does not encrypt data within IP packets and, therefore, does not provide confidentiality.
The IKE protocol, documented mainly in IETF RFC 2409, provides a method for network devices to negotiate the security settings used with the AH and ESP IPSec formats. The negotiated security settings form a data structure called a security association (SA). The SA defines parameters such as the authentication algorithm, the encryption algorithm, the keys, and the key lifetimes used by ESP or AH to protect the contents of the IP packet. Because ESP and AH require an established SA, an IKE negotiation is executed before the ESP or AH protocols are used to transmit data.
IPSec packets, i.e., IP packets constructed using the IPSec protocol suite, are incompatible with some network devices. One example of a network device not designed to handle some IPSec packets is a Network Address Translation device (NAT). A NAT is typically connected to a plurality of client computers on a private network and acts as an interface between the private network and a public network. Each client computer has a private source IP address that is valid on the private network but not on the public network. When a first client sends an IP packet destined for the public network, the NAT intercepts the packet and replaces the private source IP address with an IP address valid on the public network, such as a public IP address assigned to the NAT. The NAT performs the same process for each client, and in each case uses the same public source IP address. This allows multiple client computers to communicate over the public network using a single source IP address.
The NAT may also change the source port in the transport layer header, e.g., the TCP or UDP header, within the IP packet to ensure that each client sends packets with a unique combination of IP address and port over the public network. The unique combination of addresses gives the NAT a mechanism for routing response IP packets, sent from devices on the public network, to the proper client on the private network. The NAT also modifies the checksums in the IP and TCP or UDP headers so that the IP packet remains valid.
The transport layer header in some IPSec packets is encrypted. For example, the ESP protocol encrypts the TCP or UDP header, rendering the port addresses and checksum information in the header opaque to the NAT. The NAT cannot read and modify the TCP or UDP header as necessary, which prevents such packets from traversing the NAT.
UDP encapsulation provides a partial solution that allows some IPSec packets using the ESP protocol to traverse a NAT. The encrypted portion of the IPSec packet is encapsulated in a UDP packet and given an unencrypted UDP header. The UDP packet is in turn placed in a standard IP packet. The NAT can then access and modify the port and checksum information within the unencrypted UDP header, thereby permitting these IP packets to traverse the NAT.
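The NAT behaviour described above (rewriting the source IP address and source port, then recomputing the IP header checksum and the UDP checksum over its pseudo-header) can be shown on a constructed IPv4/UDP packet. The following is an added example written for this page, not code from the original text or from any particular NAT implementation; the addresses, ports and payload are constructed sample values, and the NAT logic is deliberately minimal (it rewrites only the outbound source fields and keeps no mapping table). It also shows the failure mode of the next paragraph: when the IP protocol field is not UDP (or TCP), the NAT has no cleartext port field to rewrite and refuses the packet.

```python
import ipaddress
import struct

UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071 style)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    return (~ones_complement_sum(data)) & 0xFFFF


def udp_pseudo_header(src: bytes, dst: bytes, udp_len: int) -> bytes:
    # source address, destination address, zero, protocol, UDP length
    return src + dst + struct.pack("!BBH", 0, UDP_PROTO, udp_len)


def build_ipv4_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a valid IPv4 packet carrying a UDP datagram (sample input builder)."""
    src_b = ipaddress.IPv4Address(src).packed
    dst_b = ipaddress.IPv4Address(dst).packed
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    udp_csum = checksum(udp_pseudo_header(src_b, dst_b, udp_len) + udp) or 0xFFFF
    udp = udp[:6] + struct.pack("!H", udp_csum) + udp[8:]
    # version/IHL, DSCP, total length, id, flags/frag, TTL, proto, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0x4000,
                     64, UDP_PROTO, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + udp


def ip_header_valid(packet: bytes) -> bool:
    return ones_complement_sum(packet[:20]) == 0xFFFF


def udp_checksum_valid(packet: bytes) -> bool:
    ip, udp = packet[:20], packet[20:]
    return ones_complement_sum(udp_pseudo_header(ip[12:16], ip[16:20], len(udp)) + udp) == 0xFFFF


def nat_can_rewrite(packet: bytes) -> bool:
    """A NAT can only fix up ports it can read: the cleartext UDP header.
    An ESP packet (protocol 50) carries its transport header encrypted."""
    return packet[9] == UDP_PROTO


def nat_translate(packet: bytes, public_ip: str, public_port: int) -> bytes:
    """Rewrite source IP and source port of an outbound IPv4/UDP packet and
    recompute both checksums so the packet stays valid on the public network."""
    if not nat_can_rewrite(packet):
        raise ValueError("no cleartext transport header to rewrite")
    ip, udp = bytearray(packet[:20]), bytearray(packet[20:])
    ip[12:16] = ipaddress.IPv4Address(public_ip).packed
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    udp[0:2] = struct.pack("!H", public_port)
    udp[6:8] = b"\x00\x00"  # zero the checksum field before recomputing it
    pseudo = udp_pseudo_header(bytes(ip[12:16]), bytes(ip[16:20]), len(udp))
    udp[6:8] = struct.pack("!H", checksum(pseudo + bytes(udp)) or 0xFFFF)
    return bytes(ip + udp)


if __name__ == "__main__":
    # Constructed sample: private client 192.168.1.10:4096 -> public host 203.0.113.5:500
    pkt = build_ipv4_udp("192.168.1.10", "203.0.113.5", 4096, 500, b"hello")
    out = nat_translate(pkt, "198.51.100.1", 40000)
    print("translated source:", ipaddress.IPv4Address(out[12:16]), struct.unpack("!H", out[20:22])[0])
    print("checksums valid:", ip_header_valid(out), udp_checksum_valid(out))
```

The one's-complement checksum is what makes the rewrite cheap: a real NAT typically adjusts the existing checksum incrementally rather than recomputing it, but the end result must be the same as the full recomputation shown here, and the verification functions are what a receiver effectively performs.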
Another partial solution, which is independent of the UDP encapsulation solution, is provided by the implementation of so-called "IPSec-aware" NATs. When an IPSec-aware NAT detects IKE packets from a client computer, it expects to see subsequent encrypted ESP protocol packets. Embedded within a non-encrypted portion of each ESP packet is a security parameter index (SPI). The NAT attempts to map the SPI, instead of a port address, to each client computer. Thereafter, the NAT uses the mapped SPI to identify the client computer sending the ESP packet. While not a complete solution, this method allows ESP packets to traverse the NAT under limited circumstances.
The UDP encapsulation method is, however, incompatible with IPSec-aware NATs. The unencrypted UDP header in the ESP packets, when UDP encapsulation is used, carries the same UDP ports as are used for IKE packets, typically port 500. To distinguish between IKE packets and ESP packets, the UDP encapsulation method reformats the ESP packet to include not only the unencrypted UDP header but also an 8-byte zero pad located between the UDP header and the encrypted data. The zero pad allows a computer receiving the IP packet to distinguish between IKE and ESP packets.
The foregoing presents at least two problems for an IPSec-aware NAT. First, the NAT receives ESP packets over UDP port 500 and interprets them as IKE packets. Thus, the NAT never receives packets that it interprets as ESP packets and is unable to map SPI values. Second, IKE packets include an I-Cookie, which is a non-zero value assigned by the client computer. The location of the I-Cookie in an IKE packet corresponds to the location of the zero pad in the ESP packet. When the NAT receives the ESP packet, it may attempt to read the I-Cookie value but instead reads the zero pad. Zero is an invalid I-Cookie value, possibly causing the NAT to drop the packet.
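The two failure modes just described, and the distinction an endpoint uses to avoid them, can be made concrete with constructed UDP payloads. The following is an added example written for this page, not code from the original text or from any IPSec implementation. It assumes the layout the page describes: an IKE packet on UDP port 500 begins with the 8-byte non-zero I-Cookie (followed here by the rest of a simplified 28-byte ISAKMP header), and a UDP-encapsulated ESP packet begins with an 8-byte zero pad followed by the ESP header (SPI, sequence number) and the encrypted body. `classify_port500` is how a receiving endpoint tells the two apart; `legacy_ipsec_aware_nat` models a NAT that assumes everything on port 500 is IKE, so it never sees an ESP packet to map an SPI from and rejects the zero "I-Cookie"; `aware_nat_map_spi` shows that SPI mapping does work once the zero pad is recognised.

```python
import struct

# 8-byte zero pad between the UDP header and the ESP data (assumption: exactly 8 bytes, as on the page)
ZERO_PAD = b"\x00" * 8
ISAKMP_HEADER_LEN = 28  # I-Cookie(8) R-Cookie(8) next(1) ver(1) exch(1) flags(1) msgid(4) len(4)


def encapsulate_esp(spi: int, seq: int, ciphertext: bytes) -> bytes:
    """UDP payload of a UDP-encapsulated ESP packet: zero pad + ESP header + encrypted body."""
    return ZERO_PAD + struct.pack("!II", spi, seq) + ciphertext


def build_ike_payload(i_cookie: bytes, r_cookie: bytes, body: bytes) -> bytes:
    """UDP payload of a (simplified) IKE packet: ISAKMP header + body. Constructed sample builder."""
    if len(i_cookie) != 8 or len(r_cookie) != 8 or i_cookie == ZERO_PAD:
        raise ValueError("cookies are 8 bytes and the I-Cookie must be non-zero")
    # next payload = SA(1), version 1.0, exchange type = identity protection (2), flags, msg id, length
    header_rest = struct.pack("!BBBBII", 1, 0x10, 2, 0, 0, ISAKMP_HEADER_LEN + len(body))
    return i_cookie + r_cookie + header_rest + body


def classify_port500(udp_payload: bytes):
    """What a UDP-encapsulation-aware endpoint does with a datagram received on port 500.
    Returns ("esp", spi), ("ike", i_cookie) or ("unknown", None)."""
    if len(udp_payload) >= 16 and udp_payload[:8] == ZERO_PAD:
        spi, _seq = struct.unpack("!II", udp_payload[8:16])
        return "esp", spi
    if len(udp_payload) >= ISAKMP_HEADER_LEN:
        return "ike", udp_payload[:8]
    return "unknown", None


def legacy_ipsec_aware_nat(udp_payload: bytes) -> str:
    """An IPSec-aware NAT that treats every port-500 datagram as IKE.
    It reads the first 8 bytes as the I-Cookie; the zero pad of an
    encapsulated ESP packet looks like an invalid (zero) cookie."""
    if len(udp_payload) < 8 or udp_payload[:8] == ZERO_PAD:
        return "drop"
    return "ike"


def aware_nat_map_spi(spi_table: dict, client: str, udp_payload: bytes) -> str:
    """SPI-to-client mapping as an IPSec-aware NAT would do it, once the
    zero pad is recognised so that encapsulated ESP is not mistaken for IKE."""
    kind, value = classify_port500(udp_payload)
    if kind == "esp":
        spi_table[value] = client
        return "mapped"
    if kind == "ike":
        return "ike"  # expect ESP from this client next
    return "drop"


if __name__ == "__main__":
    esp = encapsulate_esp(0x11223344, 1, b"\xde\xad\xbe\xef" * 4)  # constructed ciphertext
    ike = build_ike_payload(bytes(range(1, 9)), b"\x00" * 8, b"")
    print("endpoint sees:", classify_port500(esp), classify_port500(ike))
    print("legacy NAT does:", legacy_ipsec_aware_nat(esp), legacy_ipsec_aware_nat(ike))
    table = {}
    print("aware NAT:", aware_nat_map_spi(table, "client-A", esp), table)
```

The responder cookie in the sample IKE packet is zero because the first message of a negotiation has no responder cookie yet; only the initiator cookie is required to be non-zero, which is exactly the field the zero pad collides with.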
From the foregoing, it is evident that a solution is needed for implementing the IPSec protocol in network environments using a NAT. In particular, a solution is needed that allows encrypted messages to traverse a NAT regardless of whether or not the NAT is IPSec aware.